Roundup@1.4.0 Security Vulnerabilities and Issues — Roundup@1.4.0 CVE List

Lucene search

Roundup-trackerRoundup1.4.0

6 matches found

CVE•added 2008/03/24 10:44 p.m.•60 views

CVE-2008-1474

Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).

4.3CVSS5.9AI score0.01035EPSS

CVE•added 2014/04/11 3:55 p.m.•49 views

CVE-2012-6131

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.

4.3CVSS5.9AI score0.00407EPSS

CVE•added 2010/09/24 7:0 p.m.•47 views

CVE-2010-2491

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.

4.3CVSS5.5AI score0.0061EPSS

CVE•added 2014/04/11 3:55 p.m.•43 views

CVE-2012-6130

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.

4.3CVSS5.9AI score0.00407EPSS

CVE•added 2008/03/24 10:44 p.m.•42 views

CVE-2008-1475

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

6.4CVSS6.1AI score0.0047EPSS

CVE•added 2014/04/10 8:29 p.m.•39 views

CVE-2012-6132

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.

4.3CVSS5.9AI score0.00256EPSS